Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/CLuLFTU9ljDWZJ4YtoMi9jJx8Uo.roa
File:                     CLuLFTU9ljDWZJ4YtoMi9jJx8Uo.roa (raw, json)
Hash identifier:          2ngxTZ5iuvwBnCEL6MhD15UfFSbV4M+9ovtHV56DvnI=
Subject key identifier:   08:BB:8B:15:35:3D:96:30:D6:64:9E:18:B6:83:22:F6:32:71:F1:4A
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018F1019C60CFFF39B2C5ABAE296487CC202
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/CLuLFTU9ljDWZJ4YtoMi9jJx8Uo.roa
Signing time:             Wed 24 Apr 2024 12:34:35 +0000
ROA not before:           Wed 24 Apr 2024 12:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216213
IP address blocks:        2a14:17c0::/29 maxlen: 29
                          2a14:1840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:19:c6:0c:ff:f3:9b:2c:5a:ba:e2:96:48:7c:c2:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 24 12:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08bb8b15353d9630d6649e18b68322f63271f14a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:88:eb:42:34:9d:b6:a7:bd:b9:77:b1:f2:
                    06:33:23:17:b8:54:64:e8:4b:bd:9c:a5:4e:c5:a5:
                    91:43:e1:46:94:45:6d:2c:4b:36:91:61:ea:ba:37:
                    79:24:a8:77:f2:ca:08:52:99:8c:ba:da:96:e2:2c:
                    06:ef:f1:61:74:67:5c:20:d2:2a:ee:3f:f2:28:5e:
                    5f:e8:f7:56:74:70:6e:96:09:75:c1:e4:0e:10:28:
                    98:26:40:08:cd:39:32:ad:a4:77:b0:48:f8:03:1a:
                    bd:ae:68:2b:c5:2f:e4:5b:52:7b:1d:55:65:c5:d3:
                    5f:97:b1:1a:28:4f:89:4f:16:7a:84:7c:a3:2d:4c:
                    c4:4b:aa:56:eb:f5:c8:dd:cf:5d:56:38:e3:61:1d:
                    f4:99:71:c0:2a:f7:6b:d1:a6:19:14:2c:48:2a:83:
                    04:19:63:84:af:cc:68:4e:95:47:ff:0a:bc:ba:e7:
                    ec:2d:97:3c:66:78:e8:f1:f6:49:d9:e9:74:e5:68:
                    90:5b:e1:9d:7c:dc:64:c4:d6:71:08:c1:6e:4f:e2:
                    be:80:bf:93:53:64:1d:cd:0d:40:ac:f8:b9:0d:1f:
                    f8:e3:2d:58:0b:6c:94:e9:08:2c:cd:aa:1e:33:68:
                    59:cb:bb:ba:5f:e7:54:f4:90:59:8e:66:57:f9:74:
                    c6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:BB:8B:15:35:3D:96:30:D6:64:9E:18:B6:83:22:F6:32:71:F1:4A
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/CLuLFTU9ljDWZJ4YtoMi9jJx8Uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:17c0::/29
                  2a14:1840::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:03:a6:73:5b:ed:91:53:a4:5d:83:03:d1:78:c1:4d:03:69:
         f0:9b:d7:20:fb:09:7e:db:1d:1f:84:72:c4:79:d3:56:89:57:
         22:4f:99:ed:62:3a:02:75:05:5d:12:45:2d:b1:4f:95:e5:6e:
         4f:a2:8e:4b:4d:16:8d:4b:c1:44:0b:0e:c1:fc:0d:e3:d0:c8:
         a3:50:39:12:87:87:77:cf:69:5d:b9:84:3c:9a:93:cb:c7:28:
         92:15:75:b8:bc:26:20:ee:e2:91:91:5a:3e:1c:0b:46:d5:ed:
         9c:5a:55:f2:8f:03:d6:dd:3c:c6:dd:14:97:ec:27:5a:33:e9:
         66:52:2b:f0:c5:a5:bd:aa:66:be:c1:26:0a:fb:d8:9d:7b:5a:
         6f:58:9a:23:2a:93:c2:9c:33:e4:20:7e:c2:60:33:13:1c:f6:
         f4:0b:1c:97:b9:5e:2c:2d:2d:a1:37:aa:5f:c8:f3:a0:af:bf:
         41:1e:7b:36:0a:0b:8b:fb:a6:08:ac:99:fa:7b:f1:ef:e7:6e:
         cc:17:0f:d5:04:f8:f1:cb:45:99:d5:da:a9:a2:71:51:57:d8:
         03:81:6f:d0:ae:92:41:b0:40:cb:d2:1a:e3:02:05:9e:fc:fc:
         0f:c1:af:96:7e:2f:a5:2f:5d:3b:5b:d4:df:f6:40:c8:66:ac:
         1b:a5:19:a2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8QGcYM//ObLFq64pZIfMICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDI0MTIzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGJiOGIxNTM1M2Q5NjMwZDY2NDllMThiNjgzMjJmNjMyNzFmMTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjeI60I0nbanvbl3sfIGMyMXuFRk
6Eu9nKVOxaWRQ+FGlEVtLEs2kWHqujd5JKh38soIUpmMutqW4iwG7/FhdGdcINIq
7j/yKF5f6PdWdHBulgl1weQOECiYJkAIzTkyraR3sEj4Axq9rmgrxS/kW1J7HVVl
xdNfl7EaKE+JTxZ6hHyjLUzES6pW6/XI3c9dVjjjYR30mXHAKvdr0aYZFCxIKoME
GWOEr8xoTpVH/wq8uufsLZc8Znjo8fZJ2el05WiQW+GdfNxkxNZxCMFuT+K+gL+T
U2QdzQ1ArPi5DR/44y1YC2yU6QgszaoeM2hZy7u6X+dU9JBZjmZX+XTG1wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAi7ixU1PZYw1mSeGLaDIvYycfFKMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvQ0x1TEZUVTlsakRXWko0WXRvTWk5akp4OFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhQXwAMF
AyoUGEAwDQYJKoZIhvcNAQELBQADggEBAAsDpnNb7ZFTpF2DA9F4wU0DafCb1yD7
CX7bHR+EcsR501aJVyJPme1iOgJ1BV0SRS2xT5Xlbk+ijktNFo1LwUQLDsH8DePQ
yKNQORKHh3fPaV25hDyak8vHKJIVdbi8JiDu4pGRWj4cC0bV7ZxaVfKPA9bdPMbd
FJfsJ1oz6WZSK/DFpb2qZr7BJgr72J17Wm9YmiMqk8KcM+QgfsJgMxMc9vQLHJe5
XiwtLaE3ql/I86Cvv0EeezYKC4v7pgismfp78e/nbswXD9UE+PHLRZnV2qmicVFX
2AOBb9CukkGwQMvSGuMCBZ78/A/Br5Z+L6UvXTtb1N/2QMhmrBulGaI=
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:24:58 2024 by rpki-client on console-ams.rpki-client.org